Administrator Guide

authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 8
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
line vty 9
login authentication ucraaa
authorization exec ucraaa
accounting commands role netadmin ucraaa
!
Configuring TACACS+ and RADIUS VSA Attributes for RBAC
For RBAC and privilege levels, the Dell EMC Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell EMC Networking vendor-ID is 6027 and the supported option is an attribute of type string named Force10-avpair. The value is a string in the following format:
protocol : attribute sep value
attribute and value are an attribute-value (AV) pair defined in the Dell EMC Networking OS TACACS+ specification, and sep is =. These attributes allow the full set of features available for TACACS+ authorization, and RADIUS authorization uses the same attributes.
Example for Configuring a VSA Attribute for a Privilege Level 15
The following example configures an AV pair that allows a user to log in from a network access server with a privilege level of 15 and to have access to EXEC commands.
The format to create a Dell EMC Networking AV pair for privilege level is shell:priv-lvl=<number> where number is a
value between 0 and 15.
Force10-avpair= shell:priv-lvl=15
Example for Creating an AV Pair for a System-Defined or User-Defined Role
The following section shows you how to create an AV pair that allows a user to log in from a network access server and to have access to commands based on the user's role. The format to create an AV pair for a user role is Force10-avpair= shell:role=<user-role> where user-role is a user-defined or system-defined role.
In the following example, you create an AV pair for a system-defined role, sysadmin.
Force10-avpair= "shell:role=sysadmin"
In the following example, you create an AV pair for a user-defined role. You must also define a role, using the userrole myrole inherit command on the switch, to associate it with this AV pair.
Force10-avpair= shell:role=myrole
The string, myrole, is associated with a TACACS+ user group. The user IDs are associated with the user group.
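The following Python check is an added example, not part of the Dell EMC Networking guide. It parses Force10-avpair entries in the protocol : attribute sep value format described above and reports entries with a privilege level outside 0 to 15 or a role that is not defined on the switch. The function names, the SWITCH_ROLES set and the last three sample entries are assumptions constructed for illustration.

```python
# Added example: validate Force10-avpair entries before loading them on a AAA server.
# Format from the guide: protocol : attribute sep value, where sep is "=".

def parse_avpair(line):
    """Split one 'Force10-avpair= ...' line into (protocol, attribute, value)."""
    name, eq, raw = line.partition("=")
    if not eq or name.strip() != "Force10-avpair":
        raise ValueError(f"not a Force10-avpair entry: {line!r}")
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':   # the value may be quoted
        raw = raw[1:-1]
    protocol, colon, rest = raw.partition(":")
    attribute, sep, value = rest.partition("=")
    parts = (protocol.strip(), attribute.strip(), value.strip())
    if not (colon and sep and all(parts)):
        raise ValueError(f"expected protocol:attribute=value, got {raw!r}")
    return parts

def check_avpair(line, switch_roles):
    """Return a list of problems; an empty list means the entry is acceptable."""
    try:
        protocol, attribute, value = parse_avpair(line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if protocol != "shell":   # assumption: accept only the protocol the guide shows
        problems.append(f"unexpected protocol {protocol!r}")
    if attribute == "priv-lvl":
        if not (value.isascii() and value.isdigit() and 0 <= int(value) <= 15):
            problems.append(f"priv-lvl {value!r} is outside 0-15")
    elif attribute == "role":
        if value not in switch_roles:   # user-defined roles must exist on the switch
            problems.append(f"role {value!r} is not defined on the switch")
    else:
        problems.append(f"unsupported attribute {attribute!r}")
    return problems

# Constructed inputs: roles assumed to exist on the switch, and entries to audit.
SWITCH_ROLES = {"sysadmin", "netadmin", "myrole"}
ENTRIES = [
    'Force10-avpair= shell:priv-lvl=15',       # from the guide
    'Force10-avpair= "shell:role=sysadmin"',   # from the guide
    'Force10-avpair= shell:role=myrole',       # from the guide
    'Force10-avpair= shell:priv-lvl=16',       # constructed: out of range
    'Force10-avpair= shell:role=ghost',        # constructed: role never defined
    'Force10-avpair= shell priv-lvl 15',       # constructed: separators missing
]

if __name__ == "__main__":
    for entry in ENTRIES:
        print(entry, "->", check_avpair(entry, SWITCH_ROLES) or "ok")
```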
Role Accounting
This section describes how to configure role accounting and how to display active sessions for roles.
This section consists of the following topics:
Configuring AAA Accounting for Roles
Applying an Accounting Method to a Role
Displaying Active Accounting Sessions for Roles
Security